How Cyber Fraud Almost Ended Our Agency (A Learning Lesson For Agencies & Brands)

 

Table Of Contents

 

MONEY ALL GONE TO HONG KONG

There are a lot of titles I played with, such as "How My Agency Unwittingly Funded Buying Guns For Gang Warfare In Nigeria" and "Facing Cyber Fraud - My Midlife Crisis As A Business Owner" or "Is This The End Of My Company."  And unfortunately they are all based on reality.

Because something really bad happened to my agency, and it was something I could have MAYBE avoided if I had just known what to look out for.  And I want to make sure now that ALL companies - brands and agencies alike - protect themselves from having this happen to them.  It's a rough story, but at the end of the day... we are still here alive and kicking, and fighting harder than ever to be the best agency we can be for our clients.  In this blog, I am sharing a very personal inside look at what happened to Hollywood Branded, and how to protect from cyber fraud happening to your company.


How Cyber Fraud Almost Ended Our Agency


A Little Background

For you new readers, as many of our readers are already familiar with Hollywood Branded from our countless blogs we post every week... I'm the CEO and founder of Hollywood Branded, which has already celebrated its tenth anniversary against all odds and headed quite soon to complete our 11th year in business. And boy do we have reason to celebrate these last couple of years.

I wrote this blog almost a year ago.  And it had taken me almost a full year before that to even get to the point where I could step away from my own emotions enough to be ready to write it. It’s one that I think every business owner should read, as I am writing it to help potentially save you (hundreds of) thousands of dollars and a lot of grief. 

When I have told this story to other business owners in passing, it always turns into a longer conversation than planned. For some reason, business owners like the thought of not losing money.  And more often than not, they too know someone who has been caught by this type of scam.  I'm pulling back the curtains, and sharing this in the hopes that at least one other business owner can prevent the same thing from happening to them. 


Starting An Agency

I founded Hollywood Branded in 2007. You know, the same year the bottom of the stock market fell out.  Awesome time to leave your decade long job and start off on your own.  And has it been a struggle over the years. Between employees and clients and just the general challenges of owning a small business in a very evolving world of advertising and marketing, it's not always been a smooth ride. And we have passed that magic ten-year mark that has always meant to me truly “making it”.

If you follow our blogs, you can see I’ve created a real, very robust, business.  We are quite well known in our industry.  And we do really fun stuff.  And make a big impact for clients. Every day is different.  I’ve gotten to work with hundreds of brands of all types.  Movie and TV shoots. Premiere parties and celebrity and influencer events.  Global travel.  All branded by a myriad of our clients products or logos.  Product Placement, Branded Content, Influencer Marketing, Celebrities – all words that mean consumer engagement to marketers.  It sounds on paper way more glamorous than it is, but it is a good life that I've created.

But I've also made some mistakes along the way that resulted in me almost losing my business. So let's take a look at that...


Business Owner Mistake #1: Employee Co-Signers

Along the way, as we got busier and busier, I hired a bookkeeper -  we were previously handling all the accounts receivable and payable ourselves.  After all, that is an area that can be delegated out - with a watchful eye and trust.

Any business consultant, seminar or book will tell an entrepreneur to not waste their precious time on this task.  “It just doesn't require your energy.” We had an accountant that I trusted already from years of working with her, so I had an extra set of eyes to look at the books.  And while still actively involved in the finances, I slowly gave the bookkeeper more and more responsibilities.

Including being a signee on our bank account.

WHAT?!! No, that is not where this tale of woe is going. The bookkeeper was solidly trustworthy in that regard. But this is not something I would suggest doing, as it did play a major part in this story.  Add your husband, your wife or a close personal friend who has potential ability to step in.  Don’t ever make an employee a co-signer.  That was Business Owner Mistake Number One.

I travel for work to see clients or speak at conference around the world.  A lot. Throughout the United States. To Europe. To China. I needed someone who could process dollars and help move money around. And over the six years of working together while all had not been totally error free, it was pretty darn good. 

Until one day… 


The Email Scam That Tore Us Apart

By now, every business and individual practically has been hit by cyber scams. We all laugh at the emails that spam us. 

You know:

  • My name is blah and I’m in desperate need of help...
  • The fact that a prince from the middle east just needs your bank account and in exchange you will be richly rewarded. 
  • A friend just lost their wallet and is overseas and needs some money to help them figure it out.
  • Or it’s the IRS and you are delinquent on taxes and need to send blah blah blah immediately.

These emails are ridiculous and flagrant in their obvious fakeness and sliminess. But these cyber scams are far more intricate than you can even begin to understand. And I certainly never thought one of those little emails would affect me personally. Or cause me to almost lose my business.

Mine is an important story to tell about how my business was scammed by cyber-fraud – successfully, and one that other business owners and management need to hear. So sit back, and get ready to read about a story that could just as easily happen to you if you’re not prepared. And that’s why I am writing this – to make sure your business, your agency, is better safeguarded.


The Day That Started So Well

On a seemingly innocuous day in August 2016 - August 3rd to be exact, just 4 days’ shy of my agency’s 9th anniversary, I was working from home without the usual office distractions that hamper personal productivity, in a desperate attempt to stay on top of everything I had as to-dos from the office. 

Much like all business owners, I am relentlessly and never endingly busy.  Oh so busy. My to-do's have to-do's and as the sole owner with no partner, I have a never-ending task list of HR, sales, marketing and client service items that need to be addressed.  I am never quite as on top of things as I would like to be, and other people’s needs endlessly keep on piling up. I’ve mastered parts of creating a successful business, and am still learning on many other levels.  In an attempt to stay on top of those piles, each week I arise early - often before the sun, and start my day typically from bed, answering emails and working on client projects and proposals, long into the night. 

That day, that seemingly innocuous day, began similarly with my working from home. One of my not so fun to-dos of the day was to talk a client into leaving our agency - as the time had come where we both needed to agree that the goals of the company were not aligned with what we were actually hired to do. I had already determined that. The client had not.  

The call was excellent in actuality -  and we ended up discussing a new way to work with one another that would allow my company to create a new service offering stylized off of how we were already marketing our own services through Inbound Content.  A great plan as we liked working with one another, and thought well of each other and each other’s company.  And I left the call absolutely pumped with this new strategy spinning away in my head. As an entrepreneur, there are few things I seem to like more than creating more business ideas, something that continuously makes my teams' eyeballs roll.  I’m truly excellent at creating work and more to-dos. 

Alas, that would be soon forgotten and put behind me as what happened next in my day caused me to need to fight with my every might of body and soul just to instead keep my company in existence. I just didn't know what was about to happen. 

That sounds pretty extreme, right? "Fight with my every might of body and soul..." but truly... that was how it played out. It was a fight to survive. Straight from a horror story.


Ok Stacy... Get To It! What Happened?

On that August morning, my email kept crashing and I ignored it as electronics and I often don't get along. Instead I worked from Skype and my phone. It's a running joke in my office and home that I overuse electronics and make them go nuts. So, I’m quite used to electronics going awry.  Little did I know there was something more sinister going on.

Around 12:30 that day I got a string of emails that came in from my bookkeeper, confirming the wire transfer had taken place. 

What wire transfer? 

 

I didn't authorize a wire transfer. 

 

For how much money?  ALL OF IT.

My entire operational budget – and savings from 9 years of being in business – had just been sent to Hong Kong it appeared. And unfortunately, it really had been.



Business Owner Mistake #2: Move That Money

By the way business owners... take a learning lesson from this as well. It's my business owner mistake #2 that you need to learn from. It is a BAD IDEA to keep your money in your company.  Take out your dividends.  Just keep 3 months of operating capital at a maximum.  You can always loan your company money in the future if times get tight.

Piecing that day together and all those days that followed feels like another lifetime. Twice before I’ve had an almost similar feeling – an engagement in my twenties gone awry to the point of being a soap opera storyline, and a bad business partnership dissolving seemingly overnight.  But those experiences had some lead up.  Some time to prepare.  Some known fact that I willingly played at least a role in what would ultimately knock me off my feet and fell me.

Nope. Not this time.  This involved a handful of conversations in broken English with the Hong Kong Hang Seng Bank where my company's entire savings was wired to. Tearful conversations with Citibank with their telling me that if 30 minutes’ passes from the time of the wire, there is nothing they can do to stop it. That’s right, 30 minutes is all you get. I caught it at minute 33.

Filing police reports in my home town and my business's location - as the police really had no idea what to do about cybercrime. And not one police officer recommended I speak to the FBI - even though I asked.  By the way, regardless of what anyone tells you, that’s the first thing you should do after calling your bank if a cybercrime does happen to you.

It involved doing research myself and at my husband’s bequest, on cybercrime, and finding this tiny well-hidden link on the FBI's website telling me where I should file. And then telling the story over and over again to different FBI field officers in different regions of our country. 

You MUST fill out a report with the FBI through this link Internet Crime Complaint Center.  

It included being instructed by both the Hong Kong Police and FBI to hire a Hong Kong lawyer to sue the bank to get my money returned. And did I mention endless hours of paperwork which went nowhere?  

And it involved me launching an FBI backed sting operation in which I actually got the cyber criminals to re-engage and ask for additional money.  Only to fail when the Hong Kong Police and Bank refused to participate. Despite having yet another bank account information provided by the criminals that could be tracked. I’ll leave you to draw your own conclusions about this. 

I obviously don't suggest banking with Hong Kong Hang Seng Bank which is owned by HSBC.  Since I would have had to SUE THE BANK to ask for my money back?  What the heck?  They were horrible and could have helped end this fraud, and at the least, ensured that the criminals doing this would not be able to get more money funneled through their accounts at that bank.  And they absolutely knew this was legit and what was going on, as the FBI attache in Hong Kong was working with them directly too.  I even reached out to their PR teams at the time to let them know I'd shout from the rooftops and publicize this.  And at the time, they didn't care. 


What DO You Tell Your Employees?

During that time I didn't tell my employees that the floor had just dropped out. That their jobs were likely no more. That there was no way I could afford to be in business any longer.  All lost, this was the end of my company.  I could just walk away, defeated by an unseen enemy.

But...

That's not really my personality. If you know me, you'll know I have a pretty bold one.

Instead, I buckled down and swam through those murky waters of despair, caused by seeing my hopes and dreams tossed away by a team of cyber criminals that struck not just my business, but a handful of others that same day.

So I am sure you want to know what actually happened. Hang in there.


Business Owner Mistake #3: Protect Your Money Maker Decisions

My bookkeeper worked remotely, coming into the office a few days each week. This individual had worked for me for over six years, was part of the office, and even attended my wedding. When I was approached by her to let me know her hours and general work would be changed due to needing medical treatment for a potentially progressive and deadly disease diagnosis of cancer, I readily agreed - anything needed, we would find a way.  And it was bumpy as she missed rent and bill payments here and there but nothing we could not deal with. After all ... life priorities, right? I picked up the slack.

My first and not last mistake as a business owner.  Business Owner Mistake Number Three.  If the person in charge of your finances is not mentally in top form, how can you expect them to be on the front lines, keeping your money safe?

On that fateful day, an email came in to the bookkeeper, asking how things were and if she would be in the office that day. The email was opened on an iPhone. And it said it was from me. 

But had the From line had actually been looked at more closely, it would have shown that while my name was indeed listed as Stacy Jones, the reply address was a string of characters at Gmail. Not me. Not @ hollywoodbranded.com.  It was what is known as a “spoofed email” – one that looks like it comes from the sender but actually has a different address hidden away that can be found only if one looks for it.  In a phone, it doesn’t show up.  In a laptop or desktop computer, it often does – but not always.

So, the bookkeeper replied and back and forth the email exchanges went. Eventually resulting in the bookkeeper's mad dash to the office to send a wire - where I wasn't there to be able to stop it from happening - before a jumping on a personal flight.

At the office, the bookkeeper found she couldn't send an international wire because I had successfully safeguarded my business -- the only time seemingly in this mess of things - to not allow international wires to be electronically sent. 

Undaunted by this obstacle, the bookkeeper went to the local Citibank branch to set up the wire. Which directly leads back to Business Owner Mistake Number One – giving your employees signing power at your bank.  And this is where Citibank also failed my business.  

Every day - and growing -  individuals and businesses are being hit by cybercrimes. And for the uninitiated the scams all share some of the same feel. They seem to have two main differences -  money is sent internationally to Hong Kong, or money is sent domestically to another US bank. 

And this is widely known by law enforcement and banking officials alike. 


The Bank Takes No Responsibility

Knowing that a business does not traditionally send wires. Knowing that Hong Kong is not within any business transactions of a company on a regular basis - the bank has full ability - and responsibility in my opinion -  to put in safeguards to protect the consumer and business owner. And it's not just Citibank. It is all banks in the US. 

And this is something that our legislation in Washington needs to fix.  Because it is a broken system that is costing US citizens billions of dollars every year.  If our government is concerned truly about imports and exports - they should become much more proactive in protecting their citizens' money from leaving the country through scams.

Thirty minutes after a wire is sent, the originating bank completely loses its ability to recall it. This is where we need our national legislation to change to protect individuals and businesses owners. Is there REALLY anything so urgent that a wire could not be held by the bank for longer, with a system of safeguards ensuring the wire is truly authorized?  Until our Congress makes banking law changes, this will not change.

We The People are not protected. But the bank is fully protected - they share no risk in protecting your money that they earn interest on daily. 

From talking to those in the know and other agency owners, businesses like mine are often the target of cybercriminals.  Any business type that is known for moving a lot of money – like advertising agencies do, get targeted.


Business Owner Mistake #4: Public A/R And A/P Emails 

So here's a biggie mistake I made.  And I bet a lot of other companies have made this too.  I listed the email address to reach my bookkeeper for accounts payable and receivable on my website. I gave the criminals a perfect access point of entry to reach through. I unlocked the door and gave them easy knowledge.  

I've included the conversation of the email chain below between the bookkeeper and the cybercriminal. I’m sharing it as other business owners I’ve spoken with have thought that there was no way their own team would ever fall for this scam.  And after they’ve seen it, they’ve had to rethink.  So take a look and decide – would your team possibly fall for this scam too?  If so – you need to start having some detailed conversations and put a plan in place to make sure this doesn’t happen to your business.

Now, there were some glaring red flags along the way that were missed by the bookkeeper… such as the fact that I had at that time a BlackBerry (they were a client for 8+ years… no iPhones in our office at that time) and the emails were all signed “Sent from my iPhone” and some word usage (who uses “sorted” – I’m not British).  But there were also some consistencies in style of writing that were possibly familiar to my own.  Did the cybercriminal have access to my emails? Possibly.

And to the bookkeeper’s credit, hoops were about to be jumped through all in the attempt to make me happy and provide a solution to my request.    

My first assigned detective from the FBI told me he had gotten in the exact same story... with different characters of the game... that day from THREE other businesses in the Los Angeles area for varying sums of money. All ranging from near to low six figures up to low 7 figures.  So, our team wasn't the only ones who fell for it. 


A Look At The Exact Crime That Happened

So here is a look (a few things redacted) of the exact conversations that happened.  After reading it... can you honestly tell me that your team would not fall for this too?

CYBERCRIMINAL EMAIL ONE:  Urgent

From: Stacy Jones [mailto:v2212025@gmail.com]
Sent: Wednesday, August 03, 2016 9:55 AM
To: Name of Bookkeeper <###@hollywoodbranded.com>
Subject: Re: Urgent

Hi

Are you at your desk?

Sent from my iPhone 

(Red Flag #1:  I have a BlackBerry.  I often communicate via mobile, the bookkeeper could have possibly spotted this.)

RESPONSE:  

I'm home. You can always text or call me if urgent.
:).

CYBER CRIMINAL EMAIL TWO

I've been very busy. I need you to please take care of a wire transfer , totally forgot it was pending and need it sorted out.

Can I send you the details?

Sent from my iPhone

(Red Flag #2  Who in the USA says “sorted out”. )

(Red Flag #3 Oh and yes - I’ve never asked for a wire transfer to be done via email. Or asked her at all to do one. Something I always took care of.)

RESPONSE:

Yes! Of course I can do it today. Is there a specific time it needs to be sent?

CYBER CRIMINAL EMAIL THREE

Yes I need it done ASAP.

BANK NAME: HANG SENG BANK

BANK ADDRESS : 83 DES VOEUX ROAD CENTRAL HONG KONG
SWIFT CODE:  HASEHKHH
ACCOUNT NAME: HK BEACON FIRE NETWORK TECHNOLOGY LIMITED
ACCOUNT NUMBER : ###-######-###
AMOUNT:####### USD

Please email me the confirmation paper work once done.

Sent from my iPhone 

(Red Flag #4  The request to wire money to Hong Kong. It screams fraud.  Hong Kong is possibly the fraud capitol of cybercrime with their broken banking system.  However, to provide a little fairness and insight to our company, we do work with Asian brands often, including those in China.  And we do write checks or make payments that are very significant dollar amounts in the high six figures to production companies and celebrity talent managers frequently. But not in China. We get the money FROM Chinese brands.)

RESPONSE:

Ok-give me about an hour to complete it. The device that I need to perform wire transfers is at the office. 

(Readers… we have a little fob that allows us to more safely – and fraud free – access our bank account.  It didn’t help us in this case obviously, but it is one more way you can lock down your bank accounts.)

CYBER CRIMINAL EMAIL FOUR

Ok (Name of Bookkeeper),thank you

Sent from my iPhone 

RESPONSE

Sure, anything for you – I’m here now about to process it.

CYBER CRIMINAL EMAIL FIVE

Thank you (Name of Bookkeeper). I Will be waiting for the confirmation paperwork

Sent from my iPhone

RESPONSE –

So...good news...wire was just sent.  Yay.

But...citibank didnt have us set up for online intl wires so I had to come to the branch to do it.

They are setting up intl wire Svc for future now.

I'm going back to office now to email you confirmation. Ref # ########. 

(Red Flag #5  Why oh why did the bank or the bookkeeper not stop to think about why we might not have international wire service set up.  In fact, it’s not set up to help prevent cybercrime fraud like this.  The bank branch should know what red flags to look for, and this was a major failure at helping to protect our agency’s money. Business owners... do NOT have international wire capability automatically set up unless you REALLY need it!)

CYBER CRIMINAL EMAIL SIX

Ok (Name of Bookkeeper)! I'm waiting for it.

And it wasn’t until then – all of these emails later - that I even found out!!!! 

After the bookkeeper went to the bank, then to the office to scan the paperwork to directly email me the confirmation paperwork requested… and actually started a new email chain to do so. To my real email address.  This is how all that transpired to send the company money away finally came to my attention... 33 minutes too late.


What We Did To Try To Stop It

The emails did continue from the cyber criminal, asking over and over again for that confirmation paperwork.  And the FBI had me continue to communicate with them in order to bait them and keep them engaged. 

But it was too late.  The cyber criminal knew about the transfer.  They moved the money immediately. In fact the FBI later informed me that the likelihood of my ever seeing my money again was nil.  That as soon as it that initial money was wired, an alert would have gone to the account holder, who would have then triggered an immediate wire likely to Russia from that Hong Kong bank as soon as it opened. And from there, Nigeria.

I still couldn't manage to stop it even though I had contacted the bank in Hong Hong BEFORE their banking hours were open. BEFORE their systems would have released the money.

In the meanwhile, I was feverishly working to have Hang Seng Bank – owned by HSBC – stop the wire transfer.  As they had not opened yet when the transfer was made, and I did manage to connect to their fraud division, one would have thought it would be possible to have stopped the transfer.  It wasn’t possible. And it wasn't because I didn't speak Chinese.  I even had an email transcribed to send them by someone I trusted from China.

When I contacted the bank, I was asked for the police case report number for both the US and for Hong Kong, and was told they would do nothing – including stopping the transfer, until they had it.  As time was not on my side, and the Hong Kong police do not answer the phone (everything is through their website), I had a near impossible task to accomplish.   I raced to file paperwork in the US, and in Hong Kong.  To not hear again from the Hong Kong police for weeks.  The FBI attaché in Hong Kong also got involved, and were turned away by Hang Seng Bank as well as the Hong Kong Police.

Once the cybercrime occurred – it was impossible for me to do anything to end it.  The train had left the station.  My agency’s money was gone forevermore.  I’m not one to give up, and using my own PR skills I wrote feverish pleas, demands and begged for assistance, through all known channels at Citibank, Hang Seng Bank and HSBC (the banking group to which Hang Seng Bank belongs).  I went to the highest executive levels available, and while I did get responses – no one could, or would, help. They all said it wasn't their problem. Every last one of them.

The banking system is utterly broken when it comes to assisting consumers with fraud.

Oh and the Hong Kong police? Months later they sent me a letter asking for me to refile the case.  It was much too late for that.


And The Cyber Criminal Came Back... Asking For More Money

Oh – and the best part?  The cybercriminal came back FOR MORE MONEY!  The next day we received this email: 

CYBER CRIMINAL EMAIL FROM NEW ADDRESS

I need you to take care of another international wire transfer,can I send you the account details?also kindly email me the paper work once done

Sent form my iPhone

My mother said the other day that I've always had a very extensive vocabulary.  I had no four-letter words to say left in my arsenal after that lovely email was received. I'm sure I said them in other languages too.  And then they reached out again, and asked for even more money than they had before.

I later learned that others had reported as early as February 2016 – 6 months prior to our cyber attack, that the IP address the emails originated from were from an address reported for being used “for malicious cybercrime attempting to have the recipient send wire transfers by spoofing the corporate email address.”  The things you can learn on the web by googling.  IP 173.201.193.44.


Protecting Yourself: How To Do It

So WHY is there not a safety check system in place?  HOW can we be so vulnerable as a society to attacks? 

Before you think you have your business completely locked down to cybercriminals, rethink it.  You probably don’t.  There are just too many ways companies are now getting hacked.  Just recently, one of my friends had her entire company server taken over by a pirate ransom attack – asking for obscene amounts of money to get the files back.  She luckily had a solid backup system in place that allowed her IT to save her from paying out.  She simply said "screw it" and shut down her server forever and bought new computers.  Now... that's still an expensive solution, but it was a better solution as the ransom was very high too.

And there are some very expensive cybercrime insurance plans that you can purchase for your business – something my own insurance broker had no knowledge of before our attack.  But we know now! And hopefully he's using my case study as a way to sell those insurance plans.

From talking to computer experts and FBI agents, it's likely the cyber criminals had access to my emails and computer.  My 'frozen' computer was timed too perfectly. I very likely had a malware installed that made my being available via email through that specific device purposely impossible. 

And it's also likely the criminals had access to my calendar which listed then the days I was traveling or out of the office. This entire cyber scams was planned to a perfect T. I was not in my office to stop the fraud. 

I’ve since become an ardent ‘saver’ of cyber fraud emails – as we get them on a DAILY basis.  I’ve actually created my own form of healing from this experience, sending back some crazily crafted virulent responses to what I think of these email senders.   And I’ve found a pattern that they are often timed to periods where I should not be around the office.  Am I now simply paranoid?  Maybe – but better safe than sorry. 


Business Owner Mistake #5: Anti Virus Software

And another thing we did wrong... we didn't have the proper Malware and Antivirus security protocol on all of the ways someone can attack you. We have Malwarebytes and Norton Antivirus but it didn't work on phones... which is in fact why the cyber criminals emails got to the bookkeeper. I cannot confidently say that our team was then keeping them as up to date as possible and I know for a fact they sometimes clicked (and still do) on things they shouldn't. But when your computer software says ‘update now’ – you really should update.

Our spam software on our email DID recognize the emails as not being legitimate. If the bookkeeper had been working from a laptop or desktop versus phone, she never would have received the original emails. 

When you research cybercrime the statics are horrifying. And the tricks mind boggling. The same crime ring that likely got my money was part of a giant ring based in Nigeria for millions and millions of dollars that was busted just days after my own loss. Police arrested a man near my own age, a 40-year old cybercriminal named “Mike” in a joint operation with INTERPOL and Nigerian Economic and Financial Crime Commission. If they had arrested him a few days earlier, perhaps my crime would not have occurred. What if's don't help now.  This guy was the suspected mastermind of a web of cybercrime scams thought to have cost victims - worldwide more than $60 million. Knowing this does not lessen my pain or ease my company’s loss. And he barely got any jail time for it - really a simple slap on the wrist.

And that’s how I learned that I really am in fact likely unwittingly a large benefactor to the purchase of illegal guns being used for warfare in Nigeria. Or at least, that's what the FBI agents told me. 

Who would have thunk THAT?! 


Business Owner Mistake #6:  Plan Money Transfer What Ifs 

I will never thank those criminals who on August 3rd came barreling into my life, causing destruction, mayhem and turmoil. Or the bookkeeper who immediately quit because she just couldn't handle the stress of what she just caused - and was scared sticking around to figure out the mess would send her out of remission from her disease.  All because the simple step of checking in via phone or text with me to make sure the wire request was legit was missed by her

And I'll take her mistake on as my fault. I actually don't blame her for what she did. She was trying to be a good employee by doing anything I needed. I didn't have a plan in place to keep this from happening.  But I am also someone who believes in accountability, and that people need to step up after and admit their mistakes, and help fix a situation.  Running doesn't do that.

And ultimately, in the long run, the responsibility for all of this, as owner of this agency, is mine. Which means I’ve committed Business Owner Mistake Number Six, which is that you must have a pre-discussed process with your team in place for any large movement of money.


Life Goes On  

But it did have a side effect. That pain, sorrow and anger that resulted from my financial loss has caused me to reset my priorities and what - and who - I'm willing to put up with.  

At the time of our cybercrime, I had some staff on my team that...well, let's just say were not exactly ideal to work with.  Whether by their personality, capability or just having come to a point where they stopped growing, they made my life and others on the team not so fun, with our dealing with trying to make the office environment positive despite those individuals who were poisoning the well, or picking up the slack that others dropped or were incapable of handling.

But I'm one of those bosses who doesn't like to fire.  And I can find reasons of worth for even the most incapable. It's an issue that plagues many business owners and bosses I've learned. We all see something of ourselves in others, and take their own individual incompetencies as our own to fix. You want to be the nice guy. You want to foster growth. You know that people are capable of stepping up.  And it's hard sometimes to realize that, for whatever reason, they just never will. At least not under your roof. 


How Much We Lost

As an agency, there is a standard percentage of adjusted gross income you must earn that translates to the net income percentage you take home. For advertising agencies that number is around $5,000 you get to keep for every $85,000 that you bill out. Which was a very hard pill to swallow when I realized the true size of my loss from the actual billing of millions of dollars.  And the forecast into the future of what that money would be worth invested down through the years is unimaginable. Devastating in fact. My husband and I will not have quite the life we could have if this had not happened.  Unless of course...

There is the reality. More money can always be made. I do it every year.  I had an option to call it quits. To give up. To find a new challenge in life. But that's not me. 

I'm a fighter. I fully to my heart and soul believe in the strength of the company I have built. I know we are excellent at what we do, and that we make a difference to the brands we work with.  We give our all to every project to make it be the best it can be. 

Instead of calling it quits and laying down crying (there were many days where tears were shed), I have spent the past two years attending agency owner conferences with AMI to better learn how to run a profitable agency (with a big thanks to my network of agency owners who are always there with support and advice). I've taken a deeper look at what service offerings are profitable, and continue to tweak and make changes. I've fired some clients who just were not good partners.  I've looked at my staffing and made some hard calls and cuts, as I now know I only want those on my team who are going to truly give it their all - and do so with a positive attitude.

And I have right now the best team in place that I have ever had.

I've doubled down on my business. The stakes are high. They always are for entrepreneurs. Failure can be just around the corner.  The risks sometimes surprising. After all, I certainly never thought of cybercrime taking me to my knees. But the rewards - and pride - of still being in business despite the odds of my making it, are worth it all. 


Keep Learning & Growing 

I counsel all those that work for me as well as advise others that they should stay in their jobs as long as they are learning.  As long as they are growing. And boy ... I am now growing and learning in ways I have never before.  

My mission now?

  1. To continue to grow my agency and create stellar consumer engagement campaigns through entertainment content and influencers.  I love it and my agency rocks at it.  In fact, feel free to give us a call!  We have quite a bit of lost money we still need to make back! Although we are happily definitely back in the black.
  2. To have an agency positioned on both the individual growth of employees and the company overall. I’ve found that I get great satisfaction from tapping into the nurturing side of myself, and that my business flourishes when I do so. 
  3. To help ensure that no other business owner loses their hard-earned money to cyber criminals. Because no one deserves that level of pain and loss after working so hard to obtain it.

And every day I take a moment to relish the fact that I’m not in fact broken.  I survived this setback.  I’ve grown from it.  My sheer will has ensured my business is now thriving.    

This cybercrime had me emotionally and financially hit rock bottom and I’ve changed how I look at both myself, my business and my team members.  While my overall expectations have risen, my understanding of each of them as people who are trying to actually always do a good job, is being better recognized. 

I look at time differently – and actively seek solitude to think and just be.  Although I need to find more of that. After losing ten years of savings, you must question the value of what you spend time doing, to make sure activities are worthwhile on their own, and not just for the money.  I’m more forgiving of myself.  And I’ve also learned that I will just no longer put up with crap.  I work too hard.  And life is just too short.


So Now What?

How did my team celebrate our tenth anniversary?  I took a play out of the Super Bowl – we went to Disneyland!  We’ve won, even though every day may bring a new challenge of the most unexpected kind.  But we will be there ready to continue fighting on.

Our blogs always have calls to actions spread throughout, encouraging people to click and learn more. But this blog is obviously a little different, and a little more personal.

But if you do know a brand or agency that could use a little help with building their brand through content or celebrity and influencer partnerships... keep us in mind and send them our way.  We could use the love. 

As a business owner, if you have questions about what I've experienced and since learned about cybercrime, I am more than happy to share. I don't want this to happen to anyone else.  Just send me an email... stacy @hollywoodbranded.com  and we can chat.

And if you DO have interest in entertainment marketing... I have a podcast that you can listen to where each episode is 5 to 15 minutes in length, providing real step by step how-to's to avoid making marketing mistakes.  And sometimes too... how to avoid big massive business mistakes.

New call-to-action